Asymmetric end-to-end encryption
Thanks for the implementation of end-to-end encryption, it's good to see some care about using Pushover in situations where data protection regulations would generally otherwise forbid (or restrict) me from doing so, e.g. when handling private customer data.
Unfortunately, I'm not very comfortable with the implementation as it stands. Quite honestly, it feels half-arsed at best, and unlikely to stand up to regulatory muster in situations I'd want to use it.
Firstly, from a perspective of usable cryptography it is awful. I cannot expect users to go around all their devices pasting in a hex string to get this to work. Who generates this string? Can we be sure of its entropy? Is copy-pasting private keying material a good idea? (To be clear: it is not.)
Secondly, from a cryptographic implementation perspective it also irks me. Instead of using an AES mode with built-in authentication, or any other AEAD cipher, there's a custom-built construction of HMAC and AES-CBC. Both of these operations use the same key; not per se a problem, but a cryptographic irk nonetheless. Additionally, such a key must be shared by all applications. So any application that the user lets send them end-to-end encrypted messages can decrypt all of their messages, or for that matter, anyone who steals the key from any application.
What should really happen is that users have a public/private key pair, for which they can never view the private key. The public key (being public in nature) can then be given to applications without worry about the security of the keying material. A protocol could then, for example, be devised in which, for each message, an ephemeral key is generated, a shared secret calculated using Diffie-Hellman, such a shared secret put through an appropriate Key Derivation Function, and then the message encrypted with a proper AEAD cipher using such a key. Then the ephemeral public key and encrypted message are sent to the app.
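The per-message scheme sketched in that post, worked through as an added example (this is not Pushover's code and not code from the original poster): the concrete choices of X25519 for the ephemeral Diffie-Hellman step, HKDF-SHA256 as the KDF and AES-256-GCM as the AEAD are my assumptions, as is the salt label, and the sending application only ever holds the device's public key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// NewRecipientKey makes the device's long-term X25519 pair; only PublicKey() is ever shared.
func NewRecipientKey() (*ecdh.PrivateKey, error) {
	return ecdh.X25519().GenerateKey(rand.Reader)
}

// messageAEAD is run by both sides: X25519 agreement, single-block HKDF-SHA256 (RFC 5869) bound to both public keys, then AES-256-GCM.
func messageAEAD(own *ecdh.PrivateKey, peer *ecdh.PublicKey, ephPub, recipientPub []byte) (cipher.AEAD, error) {
	shared, err := own.ECDH(peer)
	if err != nil { return nil, err }
	extract := hmac.New(sha256.New, []byte("pushover-e2e-v1")) // constructed salt label, an assumption
	extract.Write(shared)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(ephPub)
	expand.Write(recipientPub)
	expand.Write([]byte{1})
	block, _ := aes.NewCipher(expand.Sum(nil)) // cannot fail: the output is always 32 bytes (AES-256)
	return cipher.NewGCM(block)
}

// Seal (sender): a fresh ephemeral key per message; its public half is sent along and authenticated as AAD.
func Seal(recipient *ecdh.PublicKey, msg []byte) (ephPub, nonce, ct []byte, err error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, nil, err }
	ephPub = eph.PublicKey().Bytes()
	aead, err := messageAEAD(eph, recipient, ephPub, recipient.Bytes())
	if err != nil { return nil, nil, nil, err }
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil { return nil, nil, nil, err }
	return ephPub, nonce, aead.Seal(nil, nonce, msg, ephPub), nil
}

// Open (device): any change to the ciphertext, nonce or ephemeral key fails the GCM tag check.
func Open(priv *ecdh.PrivateKey, ephPub, nonce, ct []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil { return nil, err }
	aead, err := messageAEAD(priv, peer, ephPub, priv.PublicKey().Bytes())
	if err != nil { return nil, err }
	return aead.Open(nil, nonce, ct, ephPub)
}
```

Each message ends up with its own key, so compromising one sending application yields only the device's public key, and a stolen ciphertext is useless without the device's private half.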